Let’s End Surprise Medical Bills

We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

7 online security disasters

From the Target breach to the Heartbleed bug, here's how they happened

Find Ratings

Lately it seems that a new online security breach happens every week—or every day. Here are some of the most egregious recent ones: how they happened, how bad they were, and what to expect going forward.

1. The Target debacle

What happened? Hackers breached Target’s security systems, according to a congressional report, through a connection with an outside vendor, then installed programs that scooped up payment-card data from cash registers. They also obtained customer data stored in Target’s servers.

How bad was it? At the height of the 2013 holidays, they obtained payment-card data for 40 million people who shopped between Nov. 27 and Dec. 15, plus personal data for 70 million more. Banks then placed drastic limits on debit-card withdrawals.

What now? Financial institutions issued new cards, warning millions of fraud risk. Target offered a year of free credit monitoring, although that wouldn’t prevent the misuse of stolen information. Target said it will speed up the adoption of more secure point-of-sale technology.

2. Heartbleed havoc

What happened? In April researchers discovered Heartbleed, a bug in the software that’s used by an estimated two out of three Web servers, which lets hackers obtain passwords and other data that people submit online.

How bad was it? Researchers say that Heartbleed dates to March 2012, so a lot of data may have been compromised.

What now? Popular sites quickly fixed the bug. Some urged users to change passwords.

3. Adobe’s password problem

What happened? Hackers breached Adobe Systems’ security and obtained payment-card numbers for 2.9 million customers and an estimated 38 million user names and encrypted passwords. Affected customers were notified directly by Adobe.

How bad was it? Researchers said the thieves decoded some passwords by drawing on unencrypted password hints.

What now? Adobe required affected customers to change their passwords.

4. Tinder: Dating app kisses and tells

What happened? Tinder told users it would reveal their location only to the nearest mile. But in February the security firm Include Security reported that last fall, the app had let users locate each other to within 100 feet. It told Tinder about the problem in October. Tinder says it enhanced the app’s security soon after. But Include’s time line shows that on Dec. 2, Tinder was still trying to resolve the problem, and that it was fixed by Jan. 1, 2014.

How bad was it? Other Tinder users could pinpoint your exact location. How many people were affected isn’t known.

What now? Tinder says it has beefed up security of its users’ location data.